> Anyone have a good script to provide users with the opportunity
to have their password changed, and then the new one emailed to them?
I just did one. I won't provide the whole damn code, but here's a sketch
of how it works:
(I assume Your user has an account with a unique username and a mail
address. Otherwise this won't work. No new mail address will be accepted
when requesting a new password, of course.)
1. User provides his username in sendpassword.php
2. sendpassword.php does:
* insert username and new random password into a separate
table (not the usertable!)
* send link to ->changepassword.php with username and new
password to mail address from usertable,
commenting that someone (not necessarily the account owner)
has applied for a new password.
3. changepassword.php accepts username and newpassword,
deletes values from temp table and sets new password value
(md5()!)
If You're really nice, provide an input field to change the
random password instantly to a personal password.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!
Security issues:
* All Your password fields are md5 encrypted
* use https, if You can
* use a routine to expire the temp values in a set interval of,
say, 24 hours
* If Your user's data is /very/ delicate, _do_not_use_this_method_!
(Mail is not safe)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!
(anyone have improvements?)
Enjoy coding!
rudi